PAYMENT AUTHENTICATION SYSTEM FOR ELECTRONIC COMMERCE TRANSACTIONS

Organization Name

Aurus

Inventor(s)

Rahul Mutha of Norwood MA (US)

PAYMENT AUTHENTICATION SYSTEM FOR ELECTRONIC COMMERCE TRANSACTIONS - A simplified explanation of the abstract

This abstract first appeared for US patent application 20240232868 titled 'PAYMENT AUTHENTICATION SYSTEM FOR ELECTRONIC COMMERCE TRANSACTIONS

The patent application describes a payment managing system and method that enhances the security of electronic user payment data through two-factor authentication and keeping the e-commerce host system outside the PCI scope.

• Two-factor authentication involves using a session ID and a one-time token (OTT) to verify the user's identity during an e-commerce transaction.
• The session ID identifies the payment session initiated when the transaction begins.
• The system provides a computing device with an iframe to input user data securely on an information resource.
• The OTT tokenizes the user input data, which is included in payment authorization requests sent to the system.
• Payment authorization is obtained without sharing the user's payment data with e-commerce host systems.

Potential Applications: - Secure online payment processing for e-commerce websites - Enhancing data security for financial transactions - Improving user trust and confidence in online shopping platforms

Problems Solved: - Mitigating the risk of data breaches and unauthorized access to sensitive payment information - Simplifying the payment process for users while maintaining high security standards

Benefits: - Increased security for electronic payment data - Streamlined payment authorization process - Compliance with PCI security standards

Commercial Applications: Title: Secure Payment Processing System for E-commerce Platforms This technology can be used by online retailers, payment processors, and financial institutions to enhance the security of electronic transactions, improve user experience, and build trust with customers.

Questions about the technology: 1. How does the two-factor authentication process enhance the security of electronic payment data? 2. What are the potential implications of keeping the e-commerce host system outside the PCI scope for data security and compliance?

Original Abstract Submitted

a payment managing system and method for enhancing the security of electronic user payment data can include employing a two factor authentication and keeping e-commerce host system outside the pci scope. the two-factor authentication can include using a session id and a one-time token (ott). the session id can identify a payment session that is initiated upon initiation of an e-commerce transaction. the payment managing system can provide a computing device initiating the transaction an iframe to handle input user input data on an information resource. the ott can be used to tokenize the user input data. the ott can be included in payment authorization requests sent to the payment managing system. the payment managing system can obtain payment authorization without the user payment data being shared with e-commerce host systems.